PT-2022-4801 · Python+5 · Python+5

Mlucool

+1

·

Published

2022-01-19

·

Updated

2025-01-30

·

CVE-2022-21699

CVSS v3.1

8.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions IPython versions prior to 7.31.1 IPython versions prior to 8.0.1 IPython versions prior to 7.16.3
Description The issue is related to arbitrary code execution achieved by not properly managing cross-user temporary files. This allows one user to run code as another on the same machine, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.
Recommendations For IPython versions prior to 7.31.1, upgrade to version 7.31.1 or later. For IPython versions prior to 8.0.1, upgrade to version 8.0.1 or later. For IPython versions prior to 7.16.3, upgrade to version 7.16.3 or later. As a temporary workaround, consider restricting access to directories where multiple users may write to, to minimize the risk of cross-user attacks.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

CWE-269CWE-279CWE-250

Related Identifiers

ALT-PU-2022-1292
BDU:2022-05761
CVE-2022-21699
DLA-2896-1
DSA-5065-1
GHSA-PQ7M-3GW7-GQ5X
MGASA-2023-0058
OPENSUSE-SU-2022:10043-1
OPENSUSE-SU-2024:11763-1
OPENSUSE-SU-2024:11995-1
OPENSUSE-SU-2025:14718-1
PYSEC-2022-12
USN-5953-1

Affected Products

Alt Linux
Astra Linux
Python
Linuxmint
Red Os
Ubuntu